Total
1136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8646 | 1 Eclipse | 1 Glassfish | 2024-09-18 | N/A | 6.1 MEDIUM |
| In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/'). | |||||
| CVE-2024-8586 | 1 Uniong | 1 Webitr | 2024-09-16 | N/A | 6.1 MEDIUM |
| WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks. | |||||
| CVE-2024-7312 | 1 Payara | 1 Payara | 2024-09-13 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50. | |||||
| CVE-2024-8412 | 1 Linuxos | 1 Shakal-ng | 2024-09-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-42341 | 1 Loway | 1 Queuemetrics | 2024-09-11 | N/A | 6.1 MEDIUM |
| Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
| CVE-2024-8555 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-09-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-39097 | 2024-08-27 | N/A | 6.1 MEDIUM | ||
| There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path. | |||||
| CVE-2024-6377 | 1 3ds | 1 3dexperience | 2024-08-27 | N/A | 8.1 HIGH |
| An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL. | |||||
| CVE-2024-43794 | 2024-08-23 | N/A | 6.1 MEDIUM | ||
| OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue. | |||||
| CVE-2024-7428 | 2024-08-23 | N/A | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenTextâ„¢ Network Node Manager i (NNMi) allows URL Redirector Abuse.This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. | |||||
| CVE-2024-7902 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-08-20 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-42353 | 1 Pylonsproject | 1 Webob | 2024-08-19 | N/A | 6.1 MEDIUM |
| WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8. | |||||
| CVE-2024-43236 | 2024-08-19 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9. | |||||
| CVE-2024-38211 | 1 Microsoft | 1 Dynamics 365 | 2024-08-15 | N/A | 8.2 HIGH |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2024-41955 | 1 Opensecurity | 1 Mobile Security Framework | 2024-08-15 | N/A | 5.2 MEDIUM |
| Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5. | |||||
| CVE-2024-39694 | 2024-08-01 | N/A | 4.7 MEDIUM | ||
| Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host. | |||||